Web Application Testing

Info: Web Application Penetration Testing is a must in today's web 2.0+ environment.

Web Application Penetration Testing, sometimes referred to as WebApp PenTesting, is the act of simulating an attack on or through a web site or internet application. WebApps are everywhere today, and more and more attacks begin with a vulnerability in an internet-facing website.

Today’s market is driving companies to produce web content at an alarming pace. It’s important to test these applications frequently; seemingly minute changes in the code can expose gaping vulnerabilities and give attackers a foothold in your environment.

Depending on the security budget and awareness of your organization, these tests can range from a simple scan for known vulnerabilities to a manual test searching for application and business logic flaws.

If your applications have never been tested or are tested infrequently, we recommend starting with a semi-automated test. A PenTester at NBG Networks will run a scanner against your application and then manually test some of the controls that fail more frequently.

These tests reveal items such as:

SQL Injection

Cross-Site Scripting

Cross-Site Request Forgery

Login Bypass Vulnerabilities

Comments in Code

Common directories with logs and administrative content

Known exploitable code

More advanced manual testing will reveal items such as:

Programming logic flaws

Bespoke coding vulnerabilities

Harder-to-find blind SQL injection issues

Other less obvious flaws

During advanced tests, it’s often helpful if you can provide NBG Networks with the code for a code review or access to the server. Server access generally speeds up the process of reviewing a web application, while still accurately portraying an attacker. Your company has limited time and budget to test these applications, but attackers do not.